Quote
// ==UserScript==
// @name => Defeating Ning Captcha Proof-Of-Concept
// @namespace => http://yehg.net
// @author => d0ubl3_h3lix http://yehg.net
// @description => Ning might have over-confidence or doesn't care about Security of its users. This little Greasemonkey Exploit will auto-register and join particular group for massive spamming. My suggested countermeasure is to use 1 time token and challenge-back emailing. Nobody, especially non-security geeks, can realize the ACTUAL attack scene till we, security guys, show them small simulation. The following script is targeting my Country IT Professional Group http://mmitpros.ning.com. Note that you, ning owners, should respect my disclosure policy. Attackers can even make more devastating effects and create biggest Ajax worm using existing still-unfixed variable Charset-encoding XSS on ning.
// @thankz Special thanks to authors of XSS Attacks & Exploits who said "Today there are still a few who employ the Power Of JavaScript.". I take such wise advice for granted. Now, I'm one of them :)
// @include http://myanmaritpros.com/
// ==/UserScript==
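
The countermeasure named in the script's description (a one-time token combined with challenge-back e-mailing), sketched server-side as an added example that is not part of the quoted post or of Ning's code. The class name `SignupTokenStore`, the 15-minute lifetime, the in-memory map and the `example.test` addresses are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed token lifetime

class SignupTokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so expiry can be tested
    this.pending = new Map(); // sha256(token) -> { email, expires }
  }

  static digest(token) {
    return nodeCrypto.createHash("sha256").update(token).digest("hex");
  }

  // Called on signup. The token is delivered only by e-mail (the challenge-back
  // step), never in the HTTP response, and only its hash is kept server-side.
  issue(email) {
    const token = nodeCrypto.randomBytes(32).toString("base64url");
    this.pending.set(SignupTokenStore.digest(token), {
      email: String(email).toLowerCase(),
      expires: this.now() + TOKEN_TTL_MS,
    });
    return token;
  }

  // Called when the e-mailed link is followed. The record is deleted before any
  // other check, so a token can never be redeemed twice.
  redeem(email, token) {
    const key = SignupTokenStore.digest(String(token));
    const rec = this.pending.get(key);
    if (!rec) return { ok: false, reason: "unknown-or-used" };
    this.pending.delete(key);
    if (this.now() > rec.expires) return { ok: false, reason: "expired" };
    if (rec.email !== String(email).toLowerCase()) return { ok: false, reason: "email-mismatch" };
    return { ok: true, email: rec.email };
  }
}

// Constructed walk-through: first use succeeds, replay fails, late use fails.
function demo() {
  let clock = 0;
  const store = new SignupTokenStore(() => clock);
  const t1 = store.issue("User@example.test");
  const first = store.redeem("user@example.test", t1);
  const replay = store.redeem("user@example.test", t1);
  const t2 = store.issue("late@example.test");
  clock += TOKEN_TTL_MS + 1;
  return { first, replay, late: store.redeem("late@example.test", t2) };
}
```

The account or group membership would be activated only on an `ok: true` result, so a scripted form submission alone creates nothing usable.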